Author: Christian Hewitt (Guest)
Posted: Sat Nov 05, 2005 1:50 pm
Post subject: Win2k3 single NIC VPN routing problem

Hi,

I have an all-in-one standalone Win2k3 server (DNS, WINS, DHCP, no-AD,
Fileserver + Apache + other apps) that I've got RRAS installed on and
set up as a home VPN server. The server is an old laptop with a built-in
*single* NIC. I travel in various parts of the Middle East where
internet access is more restricted and governments (or hotels) block a
variety of protocols and websites (not just for anti-Pr0n.. business
stuff too - e.g. anywhere in Israel) and I want to be able to VPN
connect to home, route all of my traffic through the tunnel, and thus
bypass some of the blocking hassles whenever possible.

I have a Netgear ADSL firewall/modem box that uses PAT mappings to
direct the required VPN ports from my single static public IP to the
VPN/Win2k3 server. I can connect remotely to the server over PPTP with
no problems and my VPN client is given an IP address on the same subnet
as the VPN server. I have a small 20-IP DHCP range for LAN connected
clients (other laptops and the odd server). The VPN server uses another
small group of addresses in the same subnet. When VPN connected I can
access any resources on the Win2k3 server, ping it, resolve DNS names
via the server.. but I can't access any other network resources (e.g.
ping the Netgear router) or anything on the internet.

My VPN client is the native one built into OSX 10.4. This works fine at
a whole bunch of other places, so while it's not a Windows client, it's
not assumed to be part of the problem.

I strongly suspect this is a routing issue.. which is where my
knowledge falls short.

This is the routing table on the VPN server with my client dialled in:

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 d0 59 0c 80 10 ...... Intel(R) PRO/100+ MiniPCI - SecuRemote Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
            0.0.0.0          0.0.0.0     192.168.16.1   192.168.16.250      20
          127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
       192.168.16.0    255.255.255.0   192.168.16.250   192.168.16.250      20
     192.168.16.100  255.255.255.255        127.0.0.1        127.0.0.1      50
     192.168.16.102  255.255.255.255   192.168.16.100   192.168.16.100       1
     192.168.16.250  255.255.255.255        127.0.0.1        127.0.0.1      20
     192.168.16.255  255.255.255.255   192.168.16.250   192.168.16.250      20
      207.237.44.80  255.255.255.255     192.168.16.1   192.168.16.250      20
          224.0.0.0        240.0.0.0   192.168.16.250   192.168.16.250      20
    255.255.255.255  255.255.255.255   192.168.16.250   192.168.16.250       1
Default Gateway: 192.168.16.1
===========================================================================
Persistent Routes:
None

Other info:
Netgear Router = 192.168.16.1
VPN server = 192.168.16.250
My VPN client IP = 192.168.16.102
My remote IP = 207.237.44.80
VPN DHCP range = 192.168.16.100 thru 109 (my client = 102)
Any ideas?
Christian

Author: Todd J Heron (Guest)
Posted: Sat Nov 05, 2005 5:50 pm
Post subject: Re: Win2k3 single NIC VPN routing problem

You need to apply a static route to the VPN client so that it may gain
access to the internal network beyond the VPN server. Can be done via RRAS
or you can control it through Active Directory (via the Dial-in tab of the
user object).

Run route print on the VPN client (not on the server - you gave us the
routing table from VPN server) when it's connected again. To access the
internal network beyond your VPN server, it needs to see this route:

192.168.16.0 255.255.255.0 192.168.16.250 192.168.16.250 20

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights
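Added example, not part of the thread: a small parser for `route print` "Active Routes" rows with a longest-prefix-match lookup (lowest metric breaks ties), so you can see which entry a destination resolves to and check whether a table contains the route named in the reply above. The rows are the ones posted from the VPN server; the function names and the `198.51.100.7` test address are assumptions made for this example.

```python
import ipaddress

# Active Routes rows copied from the server's `route print` in the original post.
ROUTE_PRINT = """\
0.0.0.0 0.0.0.0 192.168.16.1 192.168.16.250 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.16.0 255.255.255.0 192.168.16.250 192.168.16.250 20
192.168.16.100 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.16.102 255.255.255.255 192.168.16.100 192.168.16.100 1
192.168.16.250 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.16.255 255.255.255.255 192.168.16.250 192.168.16.250 20
207.237.44.80 255.255.255.255 192.168.16.1 192.168.16.250 20
224.0.0.0 240.0.0.0 192.168.16.250 192.168.16.250 20
255.255.255.255 255.255.255.255 192.168.16.250 192.168.16.250 1
"""

def parse_routes(text):
    """Parse 'dest mask gateway interface metric' rows; skip anything else."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
            gw, iface = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
        except ValueError:
            continue  # header or separator line
        routes.append({"net": net, "gateway": str(gw), "iface": str(iface), "metric": int(parts[4])})
    return routes

def lookup(routes, dest):
    """Longest-prefix match; lowest metric breaks ties. None if nothing matches."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r["net"]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def has_route(routes, network, netmask, gateway=None):
    """True if the table has this exact destination/mask (and gateway, if given)."""
    want = ipaddress.ip_network(f"{network}/{netmask}")
    return any(r["net"] == want and gateway in (None, r["gateway"]) for r in routes)

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    for dest in ("192.168.16.1", "192.168.16.102", "207.237.44.80", "198.51.100.7"):  # last one is constructed
        r = lookup(table, dest)
        print(dest, "->", r["net"], "via", r["gateway"], "on", r["iface"])
```

To run the same check on a client, paste that machine's own Active Routes rows into `ROUTE_PRINT` and call `has_route` with the destination, netmask and gateway from the reply.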
Author: Christian Hewitt (Guest)
Posted: Sun Nov 06, 2005 5:50 pm
Post subject: Re: Win2k3 single NIC VPN routing problem

On 2005-11-05 16:23:21 +0000, "Todd J Heron"
<todd_heron(delete)@hotmail.com> said:
> You need to apply a static route to the VPN client so that it may
> gain access to the internal network beyond the VPN server. Can be done
> via RRAS or you can control it through Active Directory (via the
> Dial-in tab of the user object).
> Run route print on the VPN client (not on the server - you gave us the
> routing table from VPN server) when it's connected again. To access
> the internal network beyond your VPN server, it needs to see this route:
> 192.168.16.0 255.255.255.0 192.168.16.250 192.168.16.250 20

I'll give that a try - though not immediately as the server didn't come
back up from a remote reboot earlier and it'll be a week before I'm
home again. I'll also need to experiment on how to add the route into
the OSX VPN client. Thanks!

Christian